If your business relies on your website, keeping it up and running is a key priority.
Sadly, however, there are many people out there – from bored teenagers to state-funded hacking groups seeking to cause disruption – that are out to take it down.
As such, keeping your website secure is very important.
Here are 5 ways you can improve your WordPress security:
Backup/Restore
Should your website get hacked, you want to get it back up as fast as possible. The best way to do this is through having an automated backup system – ideally with backups being held on a different server from your website – from which you can restore your site. As well as just backing up your site though, you want the process for restoring it to be fast and easy to use, minimising the amount of time it is offline losing you money.
There are many systems out there for backing up your website, but one of the hands-down winners for getting a website easily back up and running is having a Managed WordPress host that has proper processes in place to help you when you need it.
Keeping themes and plugins up to date
Keeping your WordPress themes and plugins up to date is very important, as most updates for them tend to be to patch security vulnerabilities that the developers have discovered. Many hackers will target sites that have not updated a certain theme or plugin very quickly after a security update is released (letting them know of the vulnerability).
It is also very important to only use themes and plugins from trusted sources. There are many “free” themes and plugins on the market designed purely to insert a backdoor into your site (or other things) to make money from either extorting you or selling access on the dark web.
Securing your login
An easy way to make your website more secure quickly is to make sure you have a strong password, using symbols, numbers, and letters (both lower and upper case), we are big fans of passwordsgenerator.net
A good way to develop such a password (while it still being memorable) is to take the first letter of each word in the first line of a song you like and string them together, followed by the year the song was released. Even better if the first line contains a name (which you can keep capitalised).
There are also many “Two Factor Authentication” plugins now on the market, adding an extra layer of security to your login process. One we like here at Web 9 is Two Factor Authentication by David Nutbourne & David Anderson, which also allows you to customise the styling of your login page. Best of all, it’s free!
Preventing SQL Injection
SQL injection is a popular hacking technique used to modify or delete entries in your website’s database, with multiple methods for achieving this being possible. As well as ensuring you use well-coded themes and plugins, a good way to make it harder for hackers to use SQL injection is to change the prefix of tables in your WordPress installations database. This way, even if they do find a way to insert SQL code to run in your database, they won’t be able to do anything without knowing your custom prefix.
Some plugins are available to make changing this prefix easier, one of our favourite security plugins here at staging.hosting.io is WordFence. This plugin also includes fixes for many other security vulnerabilities, which it can scan your site for and help you keep it clean going forward. Get in touch with us via your account if you would like to add a discounted Premium Licence.
Be careful who you give an account
It is very important to be careful who you give an account – particularly an admin or editor account – on your website. Social manipulation is a very popular method used by hackers, so you need to keep your wits about you. Don’t give someone access to features on your site that they do not need to have access to. Also be careful giving admin access to people you have never met in person.
Here at Web 9, we live and breathe websites. If you need help securing your WordPress site, get in touch and we will see what we can do!
